How is malware most commonly transmitted?

by
How is malware most commonly transmitted

Malware, short for “malicious software”, refers to any software that is specifically designed to access or damage a computer without the owner’s consent. Malware comes in many forms, including viruses, worms, Trojan horses, ransomware, spyware, adware, and more. Understanding how malware is commonly spread can help computer users better protect themselves from infection.

Email Attachments

One of the most common ways malware spreads is through email attachments. Cybercriminals will send out mass emails containing infected file attachments, hoping recipients will open them. These attachments may be disguised as innocuous files like documents, spreadsheets, PDFs, images, etc. However, opening them will trigger the malware payload. The malware may then install on the victim’s computer to steal data, encrypt files for ransom, relay spam, or allow the attacker to gain remote access.

Common Malware Spread Through Email

  • Trojans – Malware that disguises itself as legitimate software.
  • Worms – Malware that self-replicates and spreads itself automatically.
  • Ransomware – Malware that encrypts files and demands payment for decryption.
  • Information stealers – Malware designed to harvest sensitive data like credentials, financial information, etc.

Infected Websites

Visiting compromised websites is another common way computers get infected with malware. Hackers may exploit vulnerabilities in a website’s code to inject their malicious scripts. These scripts then get downloaded onto the computers of unsuspecting visitors. Drive-by downloads like this can happen in the background without the user noticing. The payloads may install keyloggers, backdoors, spyware, botnet malware, and other threats.

Ways Websites Can Spread Malware

  • Exploiting unpatched security flaws like buffer overflows or SQL injection vulnerabilities.
  • Uploading backdoored files that malicious code is hidden within.
  • Inserting malicious iframes or scripts into the site pages.
  • Compromising third-party components like plugins, APIs, or ads running on the site.

Infected Removable Media

Removable media like USB drives, external hard drives, CDs/DVDs, SD cards, etc. can also carry and transfer malware easily. Cybercriminals may purposely infect popular media files like MP3s or videos that they expect people will share and open. They may also leave infected USB drives lying around in public places, hoping victims will pick them up and plug them into their computers. The malware then runs as soon as the removable media is opened.

Types of Malware Often Spread by Removable Media

  • Autorun worms – Spread through infected portable drives relying on the Autorun feature.
  • Boot sector viruses – Infect the master boot record allowing them to execute on bootup.
  • Mass storage Trojans – Malware that hides inside media files like videos or documents.

Fake Software Downloads

Another common malware trap is downloading fake or repackaged software installers from untrustworthy sources. Hackers will take legitimate apps, infect them with malware payloads, then redistribute them on shady download sites. Unsuspecting users looking for free software can end up installing malware onto their system along with the program they downloaded. This technique is often used to distribute potentially unwanted programs (PUPs) like adware or spyware.

Types of Malware Hidden in Fake Software

  • Adware – Shows intrusive ads and collects user data for targeted advertising.
  • Spyware – Steals personal and system data like browsing history, credentials, etc.
  • Click fraud bots – Clicks on ads in the background to artificially generate revenue.
  • Cryptocurrency miners – Mines cryptocurrency using the victim’s computing resources.

Social Engineering

One non-technical way cybercriminals spread malware is through social engineering. This involves manipulating or tricking the user into installing malware themselves. Social engineering tactics include:

  • Phishing emails impersonating trusted sources that convince the victim to click malicious links or attachments.
  • Fake malware removal services that trick users into granting remote access or installing bogus antivirus software.
  • Tech support scams claiming the computer has issues and the user must download a remote access tool so the “tech” can fix it.

Exploit Kits

Exploit kits are hacking tools used to probe for and take advantage of vulnerabilities in software like web browsers, plugins, frameworks, etc. By leveraging these security flaws, exploit kits can silently deliver malware payloads onto victims’ computers. Commonly they are planted on compromised sites and launch drive-by downloads against visitors.

How Exploit Kits Work

  1. Victim visits a compromised website containing an exploit kit.
  2. Kit fingerprints the user’s software and probes for vulnerabilities.
  3. If a vulnerability is found, it forces the browser or plugin to run malicious code.
  4. Malware payload downloads to victim’s computer and infection begins.

Malvertising

Malvertising involves concealing malware inside legitimate online advertisements running on websites. When a user visits a site displaying a compromised ad, the malware hosted on the ad server infects their computer often without any action needed on the user’s part. Drive-by downloads like this can be very difficult to detect or prevent.

Why Malvertising Works

  • Ads allow cybercriminals to infect many popular mainstream sites at once.
  • Ads commonly include code from numerous external sources increasing attack surface.
  • Users expect ads so are unlikely to consider them malicious.

Peer-to-Peer Networks

Peer-to-peer (P2P) file sharing networks like BitTorrent can also spread malware. Cybercriminals may intentionally bundle malware installers into torrents which get downloaded and shared by users. Searching for illegal or pirated software on these networks substantially increases the risk of inadvertently downloading malware.

Malware Risks on File Sharing Networks

  • No oversight on content or quality.
  • Anonymity makes it hard to identify bad actors.
  • Users let their guard down expecting “free stuff” to be safe.

Instant Messaging / Chat Apps

Malware infections can spread through online instant messaging platforms and chat apps as well. Tactics include sending links or files through chat that activate malware if clicked or downloaded. Bots may also automatically message users with malicious content or links to scan for potential targets. Poor security protections on some chat apps enable cybercriminals to distribute malware undetected.

Chat Apps Vulnerable to Malware

  • WhatsApp
  • Telegram
  • Discord
  • Facebook Messenger

Infected Network Shares

Malware can spread through network shares and drives in business environments where employees share access to files on a central server. If one worker unknowingly infects a network share with malware, co-workers accessing that same share can end up compromised as well when they open infected files stored on it.

Mitigating Corporate Network Infections

  • Network segmentation to limit spread between departments.
  • Antivirus scanning of network shares and cloud storage.
  • User awareness training about cybersecurity.

Supply Chain Attacks

Supply chain cyber attacks target trusted third-party companies that work with larger organizations. By compromising a supplier, hackers can access data or implant malware intended for the supplier’s customers. From there, malware payloads get distributed downstream when customers install software or components from the compromised vendor.

Famous Supply Chain Malware Attacks

  • NotPetya – Spread via infected accounting software from vendor MeDoc.
  • SolarWinds – Infected network management software used by governments and corporations.
  • CCleaner – Malware implanted into legitimate system optimization utility.

Drive-by Cryptomining

Drive-by cryptomining (also called cryptojacking) involves running cryptocurrency mining malware on a victim’s computer without their consent. The mining software runs silently in the background draining computing resources to mine digital currency for the attacker. It spreads by injecting mining code into websites, ads, links, and downloads.

Signs of Cryptomining Malware

  • Overheating computers.
  • Sluggish performance.
  • High CPU usage.
  • Loud fan noises.

Windows Script Files

Windows script files like JavaScript (JS), Visual Basic scripts (VBS), or PowerShell (PS) cam carry and run malware commands. Hackers commonly use scripts because they can operate through the Windows Script Host with little to no protection. Their simple file extensions also make them easier to disguise as text files to bypass scanners.

Malicious Windows Scripts Actions

  • Download & execute additional payloads.
  • Install backdoors.
  • Disable security tools.
  • Scrape system & file data.
  • Move laterally across networks.

Third-Party App Stores

On mobile devices, third-party app stores outside the official Google Play Store and Apple App Store frequently contain compromised apps bundled with malware. Hackers submit their infected apps to these alternative markets to more easily reach users and bypass security vetting processes.

Highest Risk Third-Party App Stores

  • Aptoide
  • 9Apps
  • TutuApp
  • Panda Helper
  • TweakBox

Edge Computing Devices

Internet of Things (IoT) and edge computing devices like routers, modems, IP cameras, smart TVs, and printers often contain vulnerabilities that can allow remote malware installation. Their frequent lack of security updates and weak credentials make them prime targets for hijacking to spread malware into business and home networks.

Most Vulnerable Edge Computing Devices

  1. Routers
  2. IP cameras
  3. Printers
  4. Smart assistants
  5. Baby monitors

Software Bundling

Bundling is when unrelated software programs are packaged together for convenience. Unethical developers may try bundling malware in these suites alongside legitimate apps to smuggle infections through. Even reputable sites like Download.com have distributed malware-laden software bundles tricking people into installing them.

Protecting Yourself from Risky Bundles

  • Only download software from trusted publishers.
  • Check reviews and discussion forums for red flags.
  • Opt for custom vs express install options.
  • Scan any downloads with your antivirus first.

Conclusion

In summary, malware creators have many attack vectors available to distribute their malicious software – from phishing emails and infected sites to Trojanized apps and social engineering. Users should stay vigilant and adopt safe practices like keeping software patched and updated, avoiding suspicious downloads, enabling antivirus scans, and being cautious when contacted over email or online messaging platforms. Implementing endpoint protection, email security, and web filtering can also significantly lower the risk of malware reaching employee devices. With vigilance and common sense, you can avoid becoming the next victim of a malware outbreak.